|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-04-28 | |
| Rule Name: | WordPress Social Warfare Plugin Cross-Site Scripting Vulnerability (CVE-2019-9978) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro. | |
| Impact: | An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ExploitDB:46794 http://packetstormsecurity.com/files/152722/Wordpress-Social-Warfare-Remote-Code-Execution.html http://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html https://blog.sucuri.net/2019/03/zero-day-stored-xss-in-social-warfare.html |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: https://wordpress.org/plugins/social-warfare/#developers |